Post on 29-Sep-2018
Adobe Connect Security
Adobe Connect Security White Paper
Overview
At Adobe, we take the security of your digital experiences seriously. From our rigorous integration of security into our internal software development process and tools to our cross-functional incident response teams, we strive to be proactive and nimble. What's more, our collaborative work with partners, researchers, and other industry organizations helps us understand the latest security best practices and trends and continually build security into the products and services we offer.
This white paper describes the defense-in-depth approach and security procedures implemented by Adobe to bolster the security of your Adobe Connect Hosted and Adobe Connect Managed Services experience and your data.
About Adobe Connect
Adobe Connect is a secure web conferencing platform that offers immersive online meeting experiences for collaboration, virtual classrooms, and large-scale webinars. Powering end-to-end, mission-critical web conferencing solutions on virtually any device, Adobe Connect enables organizations to fundamentally improve productivity. Adobe Connect is available in two common deployment options:
Adobe Connect Hosted Multi-tenant, which uses a combination of Adobe and co-located infrastructure in a shared cloud deployment; and
Adobe Connect Managed Services, which uses the Amazon Web Services (AWS) cloud infrastructure in a private cloud deployment. Each ACMS customer has private images provisioned for the Adobe Connect application, database and storage.
On-premise deployment of Adobe Connect is also available.
Adobe Connect Solution Components
Adobe Connect comprises two primary components: the Adobe Connect application suite and the Adobe Connect Server. All deployment options require both components, with the difference being the location of the Adobe Connect Server (hosted, managed service, or on-premise).
Adobe Connect Application Suite
Adobe Connect includes a suite of five web-based software solutions:
Adobe Connect Meeting: Create, manage, and conduct online meetings, webinars, and virtual classrooms with polling, screen sharing, chat, live PowerPoint viewing and annotation, webcam and on-demand video, moderated Q&A, and more.
Adobe Connect Training: Create, manage, deploy, and track eLearning courses and curricula, complete with enrollment, assessments, surveys, learner management, and reporting.
Adobe Connect Events: Manage the full lifecycle of large- and small-scale events, such as email notification, event catalogs, registration management, reporting, and analytics.
Adobe Presenter: Rapidly create eLearning content and high-quality, multimedia, and on-demand presentations that can include narration, quizzes, and video.
Adobe Connect Central: Manage account-related information and content and use Adobe Connect Central to create meetings, manage presentations, create curriculums and events, view and download reports, and more.
Figure 1: Adobe Connect Product Architecture
Adobe Connect Server
Adobe Connect Server is an open platform server that delivers enterprise-class scalability with support for clustered environments and provides the reliability and redundancy to seamlessly support thousands of concurrent users.
In addition to the five (5) Adobe Connect software solutions, you can also publish training content and multimedia presentations directly to Adobe Connect Server from Adobe Captivate. What's more, since Adobe Connect Server is an open platform, you can extend and integrate it with other, non-Adobe systems through a comprehensive set of APIs and a software development kit (SDK).
Adobe Connect Server Architecture
As a multi-tier server, Adobe Connect Server separates logical functions across independent processes.
Web Server
The application layer of Adobe Connect Server is built on J2EE using Apache Tomcat. Apache HTTP Server provides the web server functionality. The web server contains and executes all the business logic necessary for delivering content to users.
Application Server
The Adobe Connect Server application server manages users, groups, on-demand content, and client sessions, among other tasks. Some of the application server's specific duties include access control, security, compliance, quotas, and licensing, as well as auditing and management functions, such as clustering, failover, and replication. It also transcodes media, such as Microsoft PowerPoint and Adobe PDF, to a format that allows viewing without the original application.
Streaming Communication Server
Adobe Connect Server includes an embedded instance of Adobe Media Server that acts as the meeting server. This component handles all the real-time streaming of audio and video, synchronization of data, and delivery of rich media content. Adobe Media Server also plays a vital role in reducing server load and latency by caching frequently accessed streams and shared data.
Adobe Media Server uses the Real-Time Messaging Protocol (RTMP) but can be configured to use Secure Sockets Layer (SSL) for increased data security.
Database
The Adobe Connect Server database persistently stores transactional and application metadata, including user, group, content, and reporting information. Adobe Connect Server can use either the embedded database engine (Microsoft SQL Server Express) or the full version of Microsoft SQL Server. Check the Adobe Connect system requirements for the most up-to-date information.
The embedded database engine must be installed on the same computer as Adobe Connect Server but is not recommended for production. When deploying Adobe Connect Server in a cluster, you must use the full version of Microsoft SQL Server and it cannot be installed on the same computer as Adobe Connect Server. Standard cluster and hot-swap configurations for Microsoft SQL Server are supported for scalability and failover.
HTML Authoring/Publishing
Adobe Connect Server uses Adobe CQ, a web content management system, for creating and managing HTML-based templates used for event email notifications, landing pages, and user self-registration. It provides the ability to author and subsequently publish web pages.
Adobe CQ requires at least one author and one publish instance within the Adobe Connect Server deployment when the Adobe Connect Events module is enabled. All the web-page authoring-related work is done in the Adobe CQ author instance and replicated in the publish instance. The publish instance is the read-only view of the web pages that have been authored in the Adobe CQ author instance. Multiple Adobe CQ author and publish instances can be configured within a server cluster to provide increased scalability and failover.
Analytics
Adobe Connect provides limited reporting functionality. Optionally, Adobe Analytics can be used with either Adobe Connect Hosted or Adobe Connect Managed Service to provide more robust reporting and analytics for Adobe Connect events. These reports track viewing of landing pages; response to registration questions; attendance at meetings, webinars, or training; and even participation in polls, Q&A, and file download activity during meetings.
Media Transcoding
Adobe Connect Server provides a number of file conversion utilities to automatically convert popular document formats into high-quality files to display in the meeting room. It converts PowerPoint files (e.g., .ppt and .pptx) into small, vector-based files, providing the highest-quality, resolution-independent display for all participants. The conversion also accurately reproduces hyperlinks and virtually all of the original animations contained within each slide. Each Adobe Connect client pre-caches the individual slides when they are loaded into a meeting room, using minimal bandwidth to maintain synchronization across all users and ensuring the lowest latency transitions. Adobe Connect Server displays animations exactly as they appear in the original slides and keeps all hyperlinks clickable. Other supported file formats, such as PDF, are similarly converted.
Adobe Connect Data Flow
Adobe Connect uses the HTTP, HTTPS, RTMP, and RTMPS protocols. RTMP is optimized to deliver real-time, rich media streams. RTMPS is the secure implementation of RTMP.
The connection paths for unencrypted and encrypted communications between Adobe Connect clients and Adobe Connect Server differ.
Unencrypted Connections
Adobe Connect unencrypted connections use HTTP and RTMP and follow the paths described in the table below. By default, data in transit is encrypted. The numbers in the table correspond to the numbers in Figure 3, below.
1. The Adobe Connect client requests a meeting or content URL over HTTP:80.
2. The web server responds and transfers the content or provides the Adobe Connect client with informat